Re: htaccess with apache

[António Vasconcelos <vasco () all-2-it com>]

Tim Greer wrote:

>  
>
> > MORE IMPORTANTLY,
> > /etc/passwd shouldn't be readable by the CGI server!
> >    
>
> Sure it should be!  The default permissions (that are safe too) are 644
> for this file.  Are you thinking of shadow or master.passwd???
>  
It shouldn't...
There is no need for nobody/nobody to read /etc/passwd file. Of course 
that the passwords are in /etc/shadow but I see no reason to show 
everyone (or nobody in this case, hehehe) the list of users and it's shells.
Yes, the default permssions will allow user nobody to do just that, 
that's why there are unix'es were you can setup extended permissions for 
any file.

--

António  Vasconcelos
/(Administrador de Sistemas)
ALL2IT-Infocomunicações, SA
Torre de Monsanto, 6º Piso
Miraflores, Algés
PORTUGAL
Telf.: + 351 21 412 39 50
Fax.: + 351 21 410 51 94/



*CONFIDENCIAL*: Esta mensagem contém informação confidencial ou material 
privilegiado, e é só intencionada para os seus destinatários. De acordo 
com a lei em vigor, se um erro originou que tenha recebido esta mensagem 
por engano pedimos que, de imediato, notifique o remetente e a apague do 
seu sistema sem a reproduzir.
	*CONFIDENTIAL*: This e-mail contains proprietary information, some or 
all of which may be legally privileged. It is for the intended 
recipients only. According to the law in force, if an addressing or 
transmission error has misdirected this e-mail, please notify the author 
by replying to this e-mail and delete it from your system without 
retaining a copy.




...................................................................................
Scanned OK by ALL-2-IT Anti-Virus Gateway